You may wonder where I got this long list of cipher suites in the Apache config. Depending on which kind of site you are hosting, you can decide on weaker or stronger suites. I chose the Intermediate from the Mozilla site.

Also make sure that you redirect all HTTP traffic to HTTPS. This is important because the Let’s Encrypt client tries to fetch the verification file over HTTP. With the redirect in place, the client will still be able to get the file with HTTPS enabled.

Now we have a certificate that is only valid for a short time. This is intentional on Let’s Encrypt’s part: the goal is that certificate renewals should be automated. For this I wrote a little script.

Place this script in /opt/letsencrypt as letsencrypt-renew.sh.

This script makes sure that you get a new certificate for your website. It also includes a check for people with a dynamic IP. If the script runs after your provider has switched your IP but before your dynamic DNS service (like dynDNS or noip) has picked up the change, the script will exit.
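The dynamic-IP guard described above, as an added example and not the author's letsencrypt-renew.sh: it renews only when the host's current public IPv4 address is among the A records DNS serves for the domain. `DOMAIN`, `IP_ECHO_URL` (a hypothetical plain-text IP echo service) and the use of `certbot renew` as the Let’s Encrypt client are assumptions.

```shell
#!/bin/sh
# Added example, not the author's letsencrypt-renew.sh.
# DOMAIN and IP_ECHO_URL are placeholders (assumptions); set them for your site.
DOMAIN="${DOMAIN:-example.org}"
IP_ECHO_URL="${IP_ECHO_URL:-https://ip.example.net/}"  # hypothetical plain-text IP echo service

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
# Guards against an error page or empty reply being treated as an address.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into this function's own $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# $1 = current public IP, $2 = newline-separated answers from DNS.
# Returns 0 if DNS already points here, 1 if it is stale, 2 if $1 is unusable.
dns_points_here() {
    is_ipv4 "$1" || return 2
    # -F literal dots, -x whole line: 203.0.113.7 must not match 203.0.113.70
    printf '%s\n' "$2" | grep -Fxq -- "$1"
}

main() {
    public_ip=$(curl -4 -fsS --max-time 10 "$IP_ECHO_URL" | tr -d '[:space:]') || public_ip=""
    records=$(dig +short A "$DOMAIN") || records=""
    if ! dns_points_here "$public_ip" "$records"; then
        echo "DNS for $DOMAIN does not match public IP '$public_ip'; not renewing" >&2
        return 1
    fi
    # Assumption: certbot is the installed Let's Encrypt client.
    certbot renew --quiet
}

# Network and renewal run only with --run, so the checks can be tested offline.
if [ "${1:-}" = "--run" ]; then
    main
fi
```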

This is mostly because you have either VirtualBox or VMware running on the same machine. The reason (at least that’s what I think) is that the kernel modules of VirtualBox or VMware and KVM can’t take advantage of Intel VT-x or AMD-V at the same time.

So if you want to run both at the same time, you have to deactivate the virtualisation in one of them.

This is a way to at least have the machines emulated with QEMU.

This is a simple script you can copy and paste into your console to install Puppet on a new host. You just need to edit the first two lines with the server information and then sign the requested certificate on the Puppet master.